Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

AWS server not reacheable by port 22 pipeline

Valentino Roca Segura
Valentino Roca Segura
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 14, 2024

I put all the ip in

https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/

but nothing change... pipeline returns time out

Answer
Watch
Like Deleted user likes this
480 views

4 answers

1 accepted

2 votes
Answer accepted
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 14, 2024

Hello  @Valentino Roca Segura ,

and welcome to the Community!

We have recently updated our 1x/2x size option builds to operate from a new, broader IP range.

For teams who need their builds to run from a more restricted set of IP addresses, we recommend using the atlassian-ip-ranges configuration available with our 4x/8x stepsThese size options are only available for builds running under a paid Bitbucket Cloud plan (Standard or Premium).This option provides enhanced security by limiting the IP addresses to a smaller, more manageable list. You can find more details about this configuration here. This configuration does not need to apply to all steps in a pipeline, just the steps that access secure resources.

Please Note: Opting for larger step sizes (4x/8x) may impact billing. We encourage you to review the relevant documentation on step sizes here to understand these implications fully.

You can view the complete list of IP addresses used by the 1x/2x steps in this JSON format. This list can be explicitly filtered for EC2 or S3 resources located in us-east-1 and us-west-2. We do not recommend or support adding these IP addresses into your firewall configuration.

The AWS JSON file is divided into CIDR blocks. To help you identify if a given IP address belongs to an Amazon CIDR IP range, you can check the article How to identify the CIDR block of the IP from the Bitbucket pipeline.

Important Note: Relying solely on IP-based firewalls for securing your infrastructure is not recommended. Instead, consider implementing secure authentication methods for any services exposed to Bitbucket Pipelines, such as using OpenID Connect (OIDC).

Alternatively, you may consider utilizing Bitbucket's pipeline runners. Runners enable you to execute builds in Pipelines on your own infrastructure. Additionally, as your runner is hosted on your own infrastructure, you will have greater flexibility regarding the list of IP addresses to permit.

Please feel free to reach out if you have any questions.

Thank you!

Patrik S

View More Comments
Deleted user November 14, 2024 edited

It seems this got way more complicated than it should.


I added all the IPs v4 and v6 from here:


    Valid IP addresses for bitbucket.org, api.bitbucket.org, and altssh.bitbucket.org
    Valid IP addresses for Bitbucket Pipelines build environments

and from here    


  Outgoing Connections


Please could you advise what are the IPs that are missing in that list ? I am afraid if I do something to see the IP in the pipelines logs, then it will change, I am pretty sure that some ips are missing in your list.





Like
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 14, 2024

Hello @[deleted] ,

I'm sorry to hear you're facing difficulties with the changes in the pipelines runtime.

I recently posted a comment on a similar question clarifying how the documentation is divided to provide better clarity on the IP addresses and their usage. I encourage you to read that explanation for a more detailed understanding.

The issue you are facing might be due to the specific step settings in your Bitbucket Pipelines that determine which IP ranges are in use.

Please review the explanation and let me know if you have any further questions or need additional assistance.

Thank you, @[deleted] !
Patrik S

Like
Reply
0 votes
Sabin Petru
Sabin Petru November 15, 2024

I won't add the whole list of AWS IPs, thats insecure and you shouldn't even mention it... Why should I pay a 4x/8x just for the IPs? I don't need that much CPU/Memory. 

 

This should be fixed.

View More Comments
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 15, 2024

Hello @Sabin Petru  ,

Thank you for sharing your concerns with us.

Our Product Manager has provided additional context and information about this change in a Community post, which we hope will address any remaining questions you may have. You can review it here: 

Thank you, @Sabin Petru  !

Patrik S

Like
Reply
0 votes
Valentino Roca Segura
Valentino Roca Segura
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 14, 2024

Heyyy thank you so much:

this work for me as Patrik said:

- step:
  name: Deploy staging
  deployment: Staging
  size: 4x
  runtime:
   cloud:
       atlassian-ip-ranges: true


View More Comments
Deleted user November 15, 2024

Yes, this solution works, but it comes with the downside of increased costs due to resizing your VM to handle the CI/CD processes.

It feels unfair for Atlassian to push users to upgrade their infrastructure to maintain the level of security we previously had. This approach seems like a way to drive additional revenue or degrade the service to force upgrades.

Today is possible to keep using x2 sizes, but you must whitelist a lot of IPs that belong to Amazon EC2.(an some S3 if you need to...)


Like
Reply
0 votes
Deleted user November 14, 2024

I have the exact same problem can someone please fix this ASAP please? The IPs provided in the documentation does not works so some IPs are missing for sure

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.